The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released its monthly Monitor report in collaboration with US-CERT. The report aims to help the community secure and protect their environments.
The report notes an increase in highly sophisticated malware targeting different operating systems and industrial systems. To mitigate these threats, it recommends six very important steps:
- Incorporate More Than Just Security Updates into the Patch Release Cycle: this is a very important point, because some security professionals patch their systems blindly without understanding the risk behind an update, and some fixes can introduce new bugs that attackers can exploit.
- Driver signing is a security measure that prevents employees from installing unknown devices; signing drivers limits the risk of introducing new malware.
- Operating system partitioning helps isolate data storage from other OS components, so if you need to reinstall the system or an application you will not lose your important data.
- Next is file verification, which helps system administrators monitor for suspicious file changes that may be caused by a malicious user.
- Registry monitoring is the fifth recommendation; it is important for detecting and alerting on unusual activity on critical systems.
- The final point is to implement antivirus and a host-based intrusion detection system with the latest signatures, to protect your system against zero-day exploitation.
For more information and the full recommendations, see the ICS-CERT report: http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_Dec2011.pdf.